Apple Mac OS X MallocStackLogging Local Arbitrary File Modification Vulnerability

Mac OS X is susceptible to a local arbitrary file modification vulnerability. This issue is due to insecure file handling in the 'malloc()' library for setuid applications.

The memory allocation library performs insufficient checks, so local users can enable its debugging features when running setuid applications.

A local attacker could exploit this vulnerability to create arbitrary files, or append data to them, with superuser privileges. Depending on the purpose of the modified files, this may cause system crashes or allow attackers to gain elevated privileges.

This issue was first described in BID 14914, but has been split into its own record because further information became available.


 

Copyright 2010, SecurityFocus